This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.
1. Alleged Data Breach of ToppersExam
- Category: Data Breach
- Content: The threat actor claims to have leaked data from ToppersExam. The compromised data reportedly includes full name, address, phone number, and email.
- Date: 2025-12-09T23:48:23Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-India-toppersexam-com-1-981-000-users
- Screenshots:
- Threat Actors: Sorb
- Victim Country: India
- Victim Industry: Education
- Victim Organization: toppersexam
- Victim Site: toppersexam.com
2. Alleged Leak of Car Rental Customer Data from the USA
- Category: Data Breach
- Content: The threat actor claims to have leaked Car Rental Customer Data from the USA.
- Date: 2025-12-09T23:32:19Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-%F0%9F%87%BA%F0%9F%87%B8US-car-rental-DB-2025-11-23-mill-lines-for-sale
- Screenshots:
- Threat Actors: Frenshyny
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
3. Alleged Data leak of Mario Zambonini Provincial Conservatory
- Category: Data Breach
- Content: The group claims to have leaked data of the Mario Zambonini Provincial Conservatory.
- Date: 2025-12-09T23:26:45Z
- Network: telegram
- Published URL: https://t.me/crewcyber/352
- Screenshots:
- Threat Actors: 404 CREW CYBER TEAM
- Victim Country: Argentina
- Victim Industry: Education
- Victim Organization: mario zambonini provincial conservatory
- Victim Site: zambonini.edu.ar
4. Alleged Leak of Social Security Numbers and Driving License data from the USA
- Category: Data Breach
- Content: The threat actor claims to have leaked Social Security Numbers and Driver’s License data from the USA.
- Date: 2025-12-09T23:15:27Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-%F0%9F%87%BA%F0%9F%87%B8USA-cfl-198mill-SSN-DL-DB-avilable-for-sale
- Screenshots:
- Threat Actors: Frenshyny
- Victim Country: USA
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
5. Alleged Sale of Vortex Binder 2.0 for Payload Delivery
- Category: Malware
- Content: The threat actor claims to be selling a tool called Vortex Binder 2.0, which enables binding executable files with additional payloads, a technique commonly used for concealing malicious components.
- Date: 2025-12-09T23:04:50Z
- Network: openweb
- Published URL: https://demonforums.net/Thread-Leak-Vortex-Binder-2-0
- Screenshots:
- Threat Actors: rippors
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
6. 404 CREW CYBER TEAM claims to target Argentina
- Category: Alert
- Content: A recent post by the group indicates that they are targeting Argentina.
- Date: 2025-12-09T22:54:55Z
- Network: telegram
- Published URL: https://t.me/crewcyber/351
- Screenshots:
- Threat Actors: 404 CREW CYBER TEAM
- Victim Country: Argentina
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
7. Alleged data breach of English Online Co. Ltd
- Category: Data Breach
- Content: A threat actor is claiming to be selling a database allegedly taken from EOL System (English Online Co. Ltd.), which operates an online English learning and testing platform in Thailand. The database includes information related to the Thailand English Online Contest (TEOC) and contains student assessment and participation records.
- Date: 2025-12-09T22:31:19Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Thailand-engtest-net-109-000-users
- Screenshots:
- Threat Actors: Sorb
- Victim Country: Thailand
- Victim Industry: Education
- Victim Organization: english online co. ltd
- Victim Site: engtest.net
8. Alleged data breach of Sticker Japan
- Category: Data Breach
- Content: The threat actor claims to be selling a database of approximately 110,000 users from StickerJapan.com, an online Japanese business-card and sticker printing service. The compromised dataset reportedly includes names, phone numbers, email addresses, postal addresses, and other account details, with 80,000 unique phone numbers and 110,000 unique email addresses.
- Date: 2025-12-09T22:29:33Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-Japan-stickerjapan-com-110-000-users
- Screenshots:
- Threat Actors: Sorb
- Victim Country: Japan
- Victim Industry: E-commerce & Online Stores
- Victim Organization: sticker japan
- Victim Site: stickerjapan.com
9. Teruya Brothers, Limited falls victim to Qilin Ransomware
- Category: Ransomware
- Content: The group claims to have obtained the organization’s internal data.
- Date: 2025-12-09T22:25:18Z
- Network: tor
- Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=69c535f4-8eba-3c3b-8f6c-fafd9e1d72eb
- Screenshots:
- Threat Actors: Qilin
- Victim Country: USA
- Victim Industry: Retail Industry
- Victim Organization: teruya brothers, limited
- Victim Site: teruyabrothersltd.com
10. Alleged Data Leak of ExploitIn
- Category: Data Breach
- Content: The threat actor claims to have leaked the database of ExploitIn, which contains 8.46 GB of data.
- Date: 2025-12-09T22:21:28Z
- Network: openweb
- Published URL: https://leakbase.la/threads/exploitin-databreach-leak-8-46gb.46995/#post-260685
- Screenshots:
- Threat Actors: Bread64Bit
- Victim Country: Unknown
- Victim Industry: Unknown
- Victim Organization: Unknown
- Victim Site: Unknown
11. CPS, Ltd. falls victim to Sinobi Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 720 GB of the organization’s internal data. The data includes confidential information, financial information, contracts, and customer information, and the group intends to publish it within 7-8 days.
- Date: 2025-12-09T22:20:25Z
- Network: tor
- Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/6938845f88b6823fa27298d2
- Screenshots:
  - https://d34iuop8pidsy8.cloudfront.net/1f29ca97-aa74-4323-9fbb-6f17135487cd.png
  - https://d34iuop8pidsy8.cloudfront.net/28092cea-66d8-42c3-ba4b-9896b86d61bf.png
  - https://d34iuop8pidsy8.cloudfront.net/187856e8-1556-46c6-9d92-953b75b10e06.png
  - https://d34iuop8pidsy8.cloudfront.net/d48cc413-4a45-425d-b9e4-0c2da876569f.png
- Threat Actors: Sinobi
- Victim Country: USA
- Victim Industry: Civil Engineering
- Victim Organization: cps, ltd.
- Victim Site: cpsengineering.net
12. Alleged Data Breach of the Internal Revenue Service (IRS) in the USA
- Category: Data Breach
- Content: The threat actor claims to have breached the database of the Internal Revenue Service (IRS) in the USA, containing 18 million U.S. 401(k) and retiree benefit records, which include names, ages, and states of individuals aged 65 and older.
- Date: 2025-12-09T22:14:53Z
- Network: openweb
- Published URL: https://leakbase.la/threads/usa-401-k-benefit-funds_65-retiree-benefits_18-million-data-source-www-irs-gov-country-usa-quantity-18-million-contents-name-age-state.46991/
- Screenshots:
- Threat Actors: wiliafaly
- Victim Country: USA
- Victim Industry: Government Administration
- Victim Organization: internal revenue service
- Victim Site: irs.gov
13. Alleged data breach of Rewardy
- Category: Data Breach
- Content: The threat actor claims to be selling a database allegedly taken from Rewardy.io, containing about 2.2 million user records, including hashed passwords for a portion of accounts.
- Date: 2025-12-09T22:13:41Z
- Network: openweb
- Published URL: https://darkforums.st/Thread-Selling-rewardy-io-2-2M-User-Breached
- Screenshots:
- Threat Actors: test3221
- Victim Country: Unknown
- Victim Industry: Gaming
- Victim Organization: rewardy
- Victim Site: rewardy.io
14. Alleged leak of login credentials to Topup 2 Rich
- Category: Initial Access
- Content: The group claims to have leaked login credentials to the Intelligent Topup System (ITS) portal of Topup 2 Rich Company Limited.
- Date: 2025-12-09T22:12:57Z
- Network: telegram
- Published URL: https://t.me/Nunztamzy07/1422
- Screenshots:
- Threat Actors: NUNZTAMZY
- Victim Country: Thailand
- Victim Industry: E-commerce & Online Stores
- Victim Organization: topup 2 rich company limited (t2r)
- Victim Site: its.topup2rich.co.th
15. The Center of Association Management (CAMI) falls victim to NightSpire Ransomware
- Category: Ransomware
- Content: The group claims to have obtained 250 GB of the organization’s data and they intend to publish it within 5-6 days.
- Date: 2025-12-09T22:04:17Z
- Network: tor
- Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
- Screenshots:
- Threat Actors: NightSpire
- Victim Country: USA
- Victim Industry: Business and Economic Development
- Victim Organization: the center of association management (cami)
- Victim Site: camihq.com
Conclusion
The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches remain a dominant threat vector, affecting sectors such as Education (ToppersExam, English Online Co. Ltd.), E-commerce (Sticker Japan), and Government Administration (Internal Revenue Service). Countries including India, the USA, Argentina, Thailand, and Japan were impacted by these events. Ransomware attacks continue to target organizations with significant operational data, as seen with victims like Teruya Brothers, Limited (Qilin), CPS, Ltd. (Sinobi), and The Center of Association Management (NightSpire). Additionally, the sale of malware (Vortex Binder 2.0) and initial access credentials (Topup 2 Rich) on underground forums underscores the robust marketplace for offensive cyber tools and unauthorized access, further exacerbating the risk landscape for organizations worldwide.